Advertising

Hi Petr,
I am not sure I like the proposed solution.
If there is a legitimate reason to run this plugin as non-root (eg
admin
user) then you should change the connection part to try to use GSSAPI
auth over ldap when non-root, not just throw a warning.
If there is no reason for anyone but root to run this script then we
should just abort if not root IMO.
Simo.

I would keep this script runable for root users only. Regularly, this
should not be run manually but as a part of RPM update which is done by
root. It is being run manually only when something is broken anyway and
I am not convinced that non-root users should be involved in such
recovery.
Martin

Thanks for the advice. The attached patch only allows root to run
ipa-ldap-updater.

NACK. It is very handy for developers to be able to run ipa-ldap-updater
to test update files.
rob